﻿' ----------------------------------------------------------------------------------
' Microsoft Developer & Platform Evangelism
' 
' Copyright (c) Microsoft Corporation. All rights reserved.
' 
' THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
' OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
' ----------------------------------------------------------------------------------
' The example companies, organizations, products, domain names,
' e-mail addresses, logos, people, places, and events depicted
' herein are fictitious.  No association with any real company,
' organization, product, domain name, email address, logo, person,
' places, or events is intended or should be inferred.
' ----------------------------------------------------------------------------------

Imports Microsoft.Samples.WindowsPhoneCloud.Web.UserAccountWrappers

Namespace Infrastructure

    Public MustInherit Class StorageRequestValidator
        Implements IStorageRequestValidator
        Private ReadOnly formsAuth As IFormsAuthentication
        Private ReadOnly membershipService As IMembershipService

        Protected Sub New(ByVal formsAuth As IFormsAuthentication, ByVal membershipService As IMembershipService)
            Me.formsAuth = formsAuth
            Me.membershipService = membershipService
        End Sub

        Public Function ValidateRequest(ByVal context As HttpContext) As Boolean Implements IStorageRequestValidator.ValidateRequest
            Dim userName = Me.GetUserId(context)
            If String.IsNullOrEmpty(userName) Then
                Return False
            End If

            Return Me.OnValidateRequest(userName, context)
        End Function

        Public Function GetUserId(ByVal context As HttpContext) As String Implements IStorageRequestValidator.GetUserId
            Dim ticketValue As String = Nothing

            Dim cookie = context.Request.Cookies(Me.formsAuth.FormsCookieName)
            If cookie IsNot Nothing Then
                ' From cookie
                ticketValue = cookie.Value
            ElseIf context.Request.Headers("AuthToken") IsNot Nothing Then
                ' From http header
                ticketValue = context.Request.Headers("AuthToken")
            End If

            If Not String.IsNullOrEmpty(ticketValue) Then
                Dim ticket As FormsAuthenticationTicket = Nothing
                Try
                    ticket = Me.formsAuth.Decrypt(ticketValue)
                Catch e1 As ArgumentException
                    context.Response.EndWithDataServiceError(401, "Unauthorized", "The Authorization Token is no longer valid.")
                End Try

                If ticket IsNot Nothing Then
                    Return Me.membershipService.GetUser(New FormsIdentity(ticket).Name).ProviderUserKey.ToString()
                End If
            End If

            context.Response.EndWithDataServiceError(404, "Not Found", "Resource Not Found.")

            Return String.Empty
        End Function

        Protected MustOverride Function OnValidateRequest(ByVal userId As String, ByVal context As HttpContext) As Boolean
    End Class
End Namespace